How to set AWS Container Credentials using AWS Java SDK

I want to use ContainerCredentialsProvider(CredentialsEndpointProvider) instead of ContainerCredentialsProvider(), as the latter is deprecated.

Currently I am using the deprecated constructor ContainerCredentialsProvider() as below:

AWSSimpleSystemsManagement ssm = 
    AWSSimpleSystemsManagementClientBuilder
        .standard()
        .withRegion(region)
        .withCredentials(new ContainerCredentialsProvider())
        .build();

CredentialsEndpointProvider is an abstract class. I need to use something like ECSCredentialsEndPointProvider in my docker and I am not sure how to do that. Any help is appreciated.

nad87563 asked Nov 21 '18 20:11



2 Answers

I know this is kind of late, but hopefully this will help others like me who came to this question even in 2020 :)

Using your code's example, you should try out this

AWSSimpleSystemsManagement ssm = 
    AWSSimpleSystemsManagementClientBuilder
        .standard()
        .withRegion(region)
        .withCredentials(new EC2ContainerCredentialsProviderWrapper())
        .build();

The EC2ContainerCredentialsProviderWrapper implements AWSCredentialsProvider, and loads credentials from Amazon Container (e.g. EC2) Credentials, solving them in the following order:

  1. If environment variable "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" is set (typically on EC2) it is used to hit the metadata service at the following endpoint: http://169.254.170.2
  2. If environment variable "AWS_CONTAINER_CREDENTIALS_FULL_URI" is set it is used to hit a metadata service at that URI. Optionally an authorization token can be included in the "Authorization" header of the request by setting the "AWS_CONTAINER_AUTHORIZATION_TOKEN" environment variable.
  3. If neither of the above environment variables are specified credentials are attempted to be loaded from Amazon EC2 Instance Metadata Service using the InstanceProfileCredentialsProvider.

This is similar to the deprecated ContainerCredentialsProvider() :

By default, the URI path is retrieved from the environment variable "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" in the container's environment.


Update: If you are not sure which mechanism will be used or want to be compatible with environment variables, system properties, profile credentials and container credentials, you could use the DefaultAWSCredentialsProviderChain which will make sure to try out all options (as @Imran pointed out in a comment):

AWSSimpleSystemsManagement ssm = 
    AWSSimpleSystemsManagementClientBuilder
        .standard()
        .withRegion(region)
        .withCredentials(new DefaultAWSCredentialsProviderChain())
        .build();

For example, the implementation for the 1.11 SDK looks like this (it basically tries all the options until it finds one that works):

public DefaultAWSCredentialsProviderChain() {
    super(new EnvironmentVariableCredentialsProvider(),
          new SystemPropertiesCredentialsProvider(),
          new ProfileCredentialsProvider(),
          new EC2ContainerCredentialsProviderWrapper());
}

This way you are compatible with new versions that may introduce another type of authentication or if one option gets deprecated.

Jonathan Lee answered Nov 03 '22 00:11


It seems to me you are meant to use the EC2ContainerCredentialsProviderWrapper:

val ecsCredProvider = new EC2ContainerCredentialsProviderWrapper()
trudolf answered Nov 03 '22 00:11
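
The question asks how to call ContainerCredentialsProvider(CredentialsEndpointProvider) directly. The following is an added example, not code from the posts above or from the AWS SDK itself: a subclass that builds the endpoint from AWS_CONTAINER_CREDENTIALS_RELATIVE_URI and the 169.254.170.2 host named in the first answer, and refuses anything that is not a path on that host. The names EcsTaskRoleCredentials and RelativeUriEndpointProvider are hypothetical, and the code assumes AWS SDK for Java 1.11.x on the classpath.

```java
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.ContainerCredentialsProvider;
import com.amazonaws.internal.CredentialsEndpointProvider;
import java.net.URI;

// Hypothetical helper (not part of the SDK). Use it as:
//   .withCredentials(EcsTaskRoleCredentials.create())
public final class EcsTaskRoleCredentials {
    // Host of the container credentials endpoint, as quoted in the first answer.
    private static final String ECS_HOST = "169.254.170.2";
    private static final String RELATIVE_URI_VAR = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";

    private EcsTaskRoleCredentials() { }

    // CredentialsEndpointProvider lives in the SDK's "internal" package,
    // so pin the SDK version if you subclass it.
    static final class RelativeUriEndpointProvider extends CredentialsEndpointProvider {
        private final String relativeUri;

        RelativeUriEndpointProvider(String relativeUri) {
            this.relativeUri = relativeUri;
        }

        @Override
        public URI getCredentialsEndpoint() {
            // Fail closed: no fallback to another credential source from here.
            if (relativeUri == null || !relativeUri.startsWith("/")) {
                throw new SdkClientException(RELATIVE_URI_VAR + " is not set or is not a path");
            }
            // URI.create throws IllegalArgumentException on malformed input.
            URI uri = URI.create("http://" + ECS_HOST + relativeUri);
            // Defensive check: the parsed host must still be the fixed endpoint host.
            if (!ECS_HOST.equals(uri.getHost()) || uri.getUserInfo() != null) {
                throw new SdkClientException("Unexpected credentials endpoint host");
            }
            return uri;
        }
    }

    // Non-deprecated constructor from the question, fed with the provider above.
    public static AWSCredentialsProvider create() {
        return new ContainerCredentialsProvider(
                new RelativeUriEndpointProvider(System.getenv(RELATIVE_URI_VAR)));
    }
}
```

Unlike EC2ContainerCredentialsProviderWrapper, this provider never falls through to the instance profile, so a task started without the variable fails instead of picking up the host's role.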